Vulnerabilities > Interpretation Conflict
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-14 | CVE-2024-54021 | Interpretation Conflict vulnerability in Fortinet Fortios and Fortiproxy An improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 allows attacker to execute unauthorized code or commands via crafted HTTP header. | 9.8 |
| 2024-09-05 | CVE-2024-45097 | Interpretation Conflict vulnerability in IBM Aspera Faspex IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. | 7.1 |
| 2024-08-15 | CVE-2024-42487 | Interpretation Conflict vulnerability in Cilium 1.16.0 Cilium is a networking, observability, and security solution with an eBPF-based dataplane. | 4.3 |
| 2024-06-16 | CVE-2024-38428 | Interpretation Conflict vulnerability in GNU Wget url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent. | 9.1 |
| 2024-04-10 | CVE-2024-3386 | Interpretation Conflict vulnerability in Paloaltonetworks Pan-Os An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. | 5.3 |
| 2024-02-02 | CVE-2023-50327 | Interpretation Conflict vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. | 5.3 |
| 2024-01-24 | CVE-2024-23644 | Interpretation Conflict vulnerability in Trillium and Trillium-Http Trillium is a composable toolkit for building internet applications with async rust. | 8.1 |
| 2024-01-10 | CVE-2023-48256 | Interpretation Conflict vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request. | 6.3 |
| 2023-10-10 | CVE-2023-40718 | Interpretation Conflict vulnerability in Fortinet Fortios IPS Engine A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker to evade IPS features via crafted TCP packets. | 7.5 |
| 2023-07-11 | CVE-2023-29406 | Interpretation Conflict vulnerability in Golang GO The HTTP/1 client does not fully validate the contents of the Host header. | 6.5 |